Comment Re:Thanks OpenBSD (Score 1) 249
Most of the speed gains for high bandwidth x delay networks have been realised in stock OpenSSH already. HPN still does better on very fast long distance networks though.
Comment Re:I know I'm not alone in this... (Score 1) 249
You do realise that we implemented quite a few speedups for high bandwidth x delay networks already. The remaining "HPN" patches make marginal difference for most networks, other than the patch to allow deactivation of encryption that we refuse to merge at all.
Comment Re:Fast, Weak sshfs (Score 1) 249
Faster still (and a better cipher):
ssh -o Compression=no -o Ciphers=arcfour256 -o MACs=umac64@openssh.com
The umac-64 MAC is only supported by OpenSSH AFAIK (though the spec is available to anyone else who wants to). It is faster and has a better security guarantee than HMAC-MD5 (and is way faster than HMAC-SHA1).
Comment Re:Thanks OpenBSD (Score 1) 249
I'd like to thank the OpenBSD project, as well, but I'd also like to point out a few issues.
OpenSSH still won't work with certificates signed by a CA.
Quite right, and we have no intention of incorporating x.509 support. X.509 parsing and verification exposes a large amount of attack surface and all of it is, by necessity, pre-authentication too (the type which, if buggy, allows worms). Read Peter Gurmann's X.509 style guide and see if you ever want to go near this horror again. We have actually written our own minimal RSA verification code to avoid the sort of ASN.1 parsing that is necessary to deal with X.509, and it has saved us from at least seven bugs - some probably exploitable for authentication bypass or remote code execution.
OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.
Yep, we are a _secure_ shell and we take a mildly patriarchal attitude to adding options that can lead to insecure use of OpenSSH. Note that the actual bottleneck in most cases is not the crypto anyway (at least when using arcfour256 as your cipher) but the MAC, and you wouldn't want to switch that off. We do have a very fast MAC though: umac-64
OpenSSH doesn't work - as advertised - with an exclamation point in a "Match" statement.
File a bug, we'll fix it.
Other than that, OpenSSH is possibly one of the most capable and reliable pieces of software I've ever had the privilege to use.
Thanks
Comment Re:Thanks OpenBSD (Score 1) 249
Nope. Not without 3rd party patches anyway.
Comment Re:Thanks OpenBSD (Score 1) 249
Use arcfour256 as your cipher and umac-64@openssh.com as your MAC (ssh -oCiphers=arcfour256 -oMACs=umac-64@openssh.com ...). Between these, CPU is usually not the bottleneck anymore.
We don't support the none cipher because "secure networks" often aren't, and there are already tools that are insecure and go fast.
We don't support the none cipher because "secure networks" often aren't, and there are already tools that are insecure and go fast.
Scientists Deliver Bee Toxin To Tumors Via "Nanobees" 98
ScienceDaily is reporting that Washington University School of Medicine researchers have found a way to deliver bee toxin to tumors using nano-spheres they call "nanobees." The results in mice showed a cessation of growth or even shrinkage of tumors while the surrounding tissue was protected from the toxin. "The core of the nanobees is composed of perfluorocarbon, an inert compound used in artificial blood. The research group developed perfluorocarbon nanoparticles several years ago and have been studying their use in various medical applications, including diagnosis and treatment of atherosclerosis and cancer. About six millionths of an inch in diameter, the nanoparticles are large enough to carry thousands of active compounds, yet small enough to pass readily through the bloodstream and to attach to cell membranes."
Comment Re:Not a bug (Score 4, Informative) 830
You are doing it wrong; permanently failing on recoverable EINTR and EAGAIN errors. See here for how to do it right.
Obama Significantly Revises Technology Positions 940
method9455 writes "Barack Obama has edited his official website on many issues, including a huge revision on the technology page. Strangely it seems net neutrality is no longer as important as it was a few months ago, and the swaths of detail have been removed and replaced with fairly vague rhetoric. Many technologists were alarmed with the choice of Joe Biden before, and now it appears their fears might have been well founded." Update: 09/22 18:07 GMT by T : Julian Sanchez of Ars Technica passed on a statement from an Obama campaign representative who points out that the changes in wording highlighted by Versionista aren't the whole story, and that more Obama tech-plan details are now available in a PDF, saying "there is absolutely no substantive change to our policy - folks who want more information can click to get our full plan."
Cubicle Security For Laptops, Electronics? 532
kamikasee writes "I recently found out that I'm going to be moved from an office to a cubicle. The cubicle area is not very secure, and I'm worried about things wandering off. My boss has offered to buy some equipment to help me secure things, but so far I haven't found anything that fits my requirements. Google and Amazon searches are overwhelmed by lockable key cabinets and larger pieces of furniture. Here are some of the requirements: The main issue with traditional solutions (e.g. locking things in a drawer) is convenience. I use a laptop with a second LCD monitor. There's also an external keyboard and mouse and a USB hard drive. I leave my laptop on at night so I can remote-desktop into it, so I'm not really happy about putting it in a drawer (no ventilation), plus I don't like the idea of having to 'unharness' everything every time I want to put it away. I don't trust cable locks. Besides, cable locks won't help me secure my the USB drive and other electronics that might wander off. The solution I imagine is a lockable, ventilated metal box that would sit under the monitor and house most of the electronics. If it was big enough, I could stick my laptop into it at night (while leaving it running) and feel confident that it would still be there in the morning. I'd be open to other types of solutions. Surely someone else must have dealt with this problem."
Can Google Kill PowerPoint? 257
theodp writes "Far from a PowerPoint killer, Slate's Paul Boutin finds Google's online presentation tool Preso more like a PowerPoint commercial — a half-baked app that shows how powerful Microsoft's program really is. But if you have your druthers, Boutin suggests ditching both and opting for Apple's Keynote, which helped snag an Oscar for Al Gore and inspired this Dear-PPT-Letter. 'The first hurdle ... You can't use it on a plane. Google Preso only works if you've got a live, high-bandwidth Internet connection. You can save the finished product to an HTML presentation on your laptop, but you can't edit the saved version or upload it back. The Splunkers would need to finalize their presos early in the morning in a rented conference room, where both Wi-Fi and Verizon wireless cards have been known to fail. That would kill the presentation.'"
Google Goes After Open Source Licensing Cruft 127
pacopico writes "Google has secret plans to put out its own open source software license, according to this story in The Register. Apparently, Google's efforts will center around developing a simplified open source license that makes it easier for developers to stay "within the spirit" of the license in addition to the law. Chris DiBona at Google was asked about the plans but won't budge with details yet. Still, The Register claims that Google's efforts could improve the license proliferation issues facing the OSI."
Does Google Own Your Content? 160
mjasay writes "ZDNet is reporting that Google has a potentially worrisome clause in its User Agreement for Google Apps. Namely, that any content put into the system and 'intended to be available to the members of the public' is free game for Google, reserving the right for Google 'to syndicate Content submitted, posted or displayed by you on or through Google services and use that Content in connection with any service offered by Google.' Google may not be evil, but giving it these (and other) rights to one's data should be ringing alarm bells in the Google Apps user base."
Astronomers Again Baffled by Solar Observations 299
SteakNShake writes "Once again professional astronomers are struggling to understand observations of the sun. ScienceDaily reports that a team from Saint Andrew's University announced that the sun's magnetic fields dominate the behavior of the corona via a mechanism dubbed the 'solar skeleton.' Computer models continue to be built to mimic the observed behavior of the sun in terms of magnetic fields but apparently the ball is still being dropped; no mention in the announcement is made of the electric fields that must be the cause of the observed magnetic fields. Also conspicuously absent from the press releases is the conclusion that the sun's corona is so-dominated by electric and magnetic fields because it is a plasma. In light of past and present research revealing the electrical nature of the universe, this kind of crippling ignorance among professional astrophysicists is astonishing."
